We are using the snprintf() function (https://linux.die.net/man/3/snprintf) in a framework that lets you program autonomous driving cars (our product).
The function is currently used only for logging console data on the secondary, non-real-time computer.

However, both PCLint and Coverity static code analysis tools mark it as non-compliant:

Amplification
This rule applies to the functions that are specified as being provided by <stdio.h> and, in C99,
their wide-character equivalents specified in Sections 7.24.2 and 7.24.3 of the C99 Standard as being
provided by <wchar.h>.

None of these identifiers shall be used and no macro with one of these names shall be expanded.

Checking that two pointer variables can never be the same in a program (in all possible executions) is called alias analysis. It is a static code analysis that static code analysis tools can do, but it usually is imprecise (can have false positives). So it is easier for them to ban the use of
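The overlap hazard behind the alias-analysis remark above, as an added example that is not part of the original thread: the C standard leaves snprintf undefined when copying takes place between overlapping objects, and a `%s` argument can point into the destination. `append_checked` and its return codes are hypothetical names; the sketch assumes the caller guarantees that `suffix` does not point into `buf`.

```c
#include <stdio.h>
#include <string.h>

/* Return codes for append_checked() (illustrative names). */
enum { APPEND_OK = 0, APPEND_TRUNCATED = 1, APPEND_ERROR = -1 };

/*
 * Undefined form, shown only as a comment for contrast:
 *
 *     snprintf(buf, cap, "%s%s", buf, suffix);
 *
 * buf is the destination and also the object read for the first %s,
 * so the call copies between overlapping objects. A tool can only
 * reject this in general if it proves the two pointers never alias.
 */

/*
 * Defined form: write only into the unused tail of buf.
 * Assumption: suffix does not point into buf (caller's obligation).
 */
int append_checked(char *buf, size_t cap, const char *suffix)
{
    const char *end;
    size_t used;
    int n;

    if (buf == NULL || suffix == NULL || cap == 0U) {
        return APPEND_ERROR;
    }
    end = memchr(buf, '\0', cap);
    if (end == NULL) {
        return APPEND_ERROR;      /* buf is not terminated within cap */
    }
    used = (size_t)(end - buf);
    n = snprintf(buf + used, cap - used, "%s", suffix);
    if (n < 0) {
        return APPEND_ERROR;      /* output or encoding error */
    }
    if ((size_t)n >= cap - used) {
        return APPEND_TRUNCATED;  /* output cut short, still terminated */
    }
    return APPEND_OK;
}
```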

There is no source buffer in the signature of snprintf.
You should carefully study Annex J.2 items 138-166 and 186 (as referenced in the rule) in ISO 9899 (C99 language specification) and you will realize that snprintf just does not belong in production-level code.
At least I can't imagine any valid deviation permit.
Are you able to implement something like the trick below (_DEBUG not active for static analysis / release build)?